Mutt 1.5.13 and previous versions does not properly use the --status-fd argument when invoking GnuPG, which prevents Mutt from visually distinguishing between signed and unsigned portions of OpenPGP messages with multiple components, which allows remote malicious users to forge the contents of a message without detection.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
mutt mutt |